April 15, 2013 at 2:00 am

Decoding BCARD Conference Badges

Last month, I had the opportunity to fly halfway around the world to attend RSA Conference 2013. Everyone was given a lanyard and a badge that contains the information you entered during registration. When you visit booths, they can then scan your badge to collect your information and follow up by sending you spam.

The scanner varies across different booths, but mostly it’s an Android device running custom software. Since it had a large NXP logo, let’s try to read it with the NFC TagInfo app. Looks like the tag identifies itself as an NDEF message, but the data is gibberish.

Apparently these badges are called BCARDs and it turns out that you can download the scanner app from the Google Play store. The app requires activation by downloading some configuration data from their servers, and without doing that the app doesn’t seem to want to read my badge. Well, time to take it apart.